events {
    worker_connections 1024;
}

http {
    upstream streamlit {
        server streamlit:8080;
    }

    server {
        listen 80;
        server_name _;

        # Remove X-Frame-Options to allow iframe embedding
        proxy_hide_header X-Frame-Options;

        # Allow embedding from your domain
        add_header Content-Security-Policy "frame-ancestors 'self' https://kschappell.com https://*.kschappell.com";

        location / {
            proxy_pass http://streamlit;
            proxy_http_version 1.1;

            # WebSocket support (required for Streamlit)
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";

            # Standard proxy headers
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;

            # Timeouts for long-running connections
            proxy_read_timeout 86400;
            proxy_send_timeout 86400;
        }

        # Health check endpoint
        location /health {
            return 200 'ok';
            add_header Content-Type text/plain;
        }
    }
}